Scanning Api Security

Overview

This skill provides automated assistance for api security scanner tasks. This skill provides automated assistance for the described functionality.

Prerequisites

Before using this skill, ensure you have:

• API design specifications or requirements documented
• Development environment with necessary frameworks installed
• Database or backend services accessible for integration
• Authentication and authorization strategies defined
• Testing tools and environments configured

Instructions

1. Use Read tool to examine existing API specifications from {baseDir}/api-specs/
2. Define resource models, endpoints, and HTTP methods
3. Document request/response schemas and data types
4. Identify authentication and authorization requirements
5. Plan error handling and validation strategies
6. Generate boilerplate code using Bash(api:security-*) with framework scaffolding
7. Implement endpoint handlers with business logic
8. Add input validation and schema enforcement
9. Integrate authentication and authorization middleware
10. Configure database connections and ORM models
11. Write integration tests covering all endpoints

See {baseDir}/references/implementation.md for detailed implementation guide.

Output

• {baseDir}/src/routes/ - Endpoint route definitions
• {baseDir}/src/controllers/ - Business logic handlers
• {baseDir}/src/models/ - Data models and schemas
• {baseDir}/src/middleware/ - Authentication, validation, logging
• {baseDir}/src/config/ - Configuration and environment variables
• OpenAPI 3.0 specification with complete endpoint definitions

Error Handling

See {baseDir}/references/errors.md for comprehensive error handling.

Examples

See {baseDir}/references/examples.md for detailed examples.

Resources

• Express.js and Fastify for Node.js APIs
• Flask and FastAPI for Python APIs
• Spring Boot for Java APIs
• Gin and Echo for Go APIs
• OpenAPI Specification 3.0+ for API documentation